macOS wireless roaming for enterprise customers

Learn how macOS supports roaming between access points within a wireless network.

For system administrators, macOS roaming helps your Mac stay connected as it moves between different places within your office network.

Trigger threshold

The trigger threshold is the minimum signal level a client requires to maintain the current connection.

macOS clients monitor and maintain the current BSSID’s connection until the RSSI crosses the -75 dBm threshold. After RSSI crosses that threshold, macOS scans for roam candidate BSSIDs for the current ESSID.

Consider this threshold in view of the signal overlap between your wireless cells. macOS maintains a connection until the -75 dBm threshold, but 5 GHz cells are designed with a -67 dBm overlap. Those clients will remain connected to the current BSSID longer than you expect.

Also consider how the cell overlap is measured. The antennas on computers vary from model to model, and they see different cell boundaries than expected. It's always best to use the target device when you measure cell overlap.

Selection criteria for band, network, and roam candidates

macOS always defaults to the 5 GHz band over the 2.4 GHz band. This happens as long as the RSSI for a 5 GHz network is -68 dBm or better.

If multiple 5 GHz SSIDs meet this level, macOS chooses a network based on these criteria:

802.11ac is preferred over 802.11n or 802.11a.

802.11n is preferred over 802.11a.

80 MHz channel width is preferred over 40 MHz or 20 MHz.

40 MHz channel width is preferred over 20 MHz.

macOS doesn't support 802.11k. macOS does interoperate with SSIDs that have 802.11k enabled.

macOS selects a target BSSID whose reported RSSI is 12 dB or greater than the current BSSID’s RSSI. This is true even if the macOS client is idle or transmitting/receiving data.

Roam performance

Roam performance describes how long a client needs to authenticate successfully to a new BSSID.

Finding a valid network and AP is only part of the process. The client must complete the roam process quickly and without interruption so the user doesn't experience downtime. Roaming involves the client authenticating against the new BSSID and deauthenticating from the current BSSID. The security and authentication method determines how quickly this can happen.

First, 802.1X-based authentication requires the client to complete the entire EAP key exchange. Then, it can deauthenticate from the current BSSID. Depending on the environment’s authentication infrastructure, this might take several seconds. End users could experience interrupted service in the form of dead air.

macOS supports static PMKID (Pairwise Master Key identifier) caching to help optimize roaming between BSSIDs in the same ESSID. macOS doesn't support Fast BSS Transition, also known as 802.11r. You don't have to deploy additional SSIDs to support macOS because macOS interoperates with 802.11r.

Measure Client RSSI

macOS offers a few built-in tools that scan to measure RSSI.

To learn the RSSI for the associated network, hold the Option key while you click the Wi-Fi menu.

To learn the RSSI for networks in the client’s environment, use Wireless Diagnostics. To open Wireless Diagnostics, Option-click on the Wi-Fi menu, select Open Wireless Diagnostic, and choose Scan. Click the Scan Now button to find all nearby wireless networks and measure their RSSI.

In addition to this graphic tool, you can also use the command-line utility "airport" to get the same data. This is found in /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/. The ‘-s’ flag scans the current environment for available networks and lists the RSSI.